Affiliate links on Android Authority may earn us a commission.Learn more.

Report: The Shot on OnePlus app leaked ‘hundreds’ of email addresses

August 06, 2025

According to a9to5Googlereport published earlier today, a security flaw caused “hundreds” of email addresses to leak through the Shot on OnePlus app. OnePlus pre-installs the app on theOnePlus 7 Proand other OnePlus phones.

As the name suggests, Shot on OnePlus shows other people’s photos and lets you upload your own. When you upload a photo, you can change its title, location, and description. Shot on OnePlus requires a login for photo uploads, with users able to change their profile names, countries, and email addresses within the app and website.

A photo of the OnePlus 7 Pro with the Shot on OnePlus wallpaper app open.

Unfortunately,9to5Googlefound an API — mainly used to get public photos and make the link between the app and OnePlus’ servers — to be easy to access and without typical APIsecurities. Hosted on open.oneplus.net, the API is accessible to anyone with an access token and seemingly contains sensitive user data.

Making matters worse is the “gid” in the API. The gid is an alphanumerical code that lets the API identify specific users. It’s comprised of two parts: two letters that reveal where a user is from and a unique number. For example, CN472834 is a user from China and EN593874 is a user from somewhere else.

OnePlus 7 Pro almond color camera closeup angle

The vulnerable API uses the gid to find a user’s uploaded photos or delete said photos. The API also uses the gid to get a user’s information, such as their name, country, and email, and update that information.

As if that wasn’t bad enough, you could cycle through a gid’s numbers to find other users.

The good news is the API no longer leaks the gid and email addresses of those who publicly upload photos. OnePlus also made it so only the Shot on OnePlus app uses the API, though9to5Googlenotes that can be easily bypassed. Finally, the API obscures email addresses with asterisks.

Android Authorityreached out to OnePlus for comment but didn’t receive a response by press time.

NEXT:The OnePlus 7’s camera keeps getting better with latest update

Thank you for being part of our community. Read ourComment Policybefore posting.